Post by Pilot on Nov 25, 2011 16:27:52 GMT -5
mashable.com/2011/11/17/worst-internet-passwords/?WT.mc_id=obinsite
[quote]
1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football
SplashData CEO Morgan Slain urges businesses and consumers using any password on the list to change them immediately. The company provided some tips for choosing secure passwords in a statement:
1. Vary different types of characters in your passwords; include numbers, letters and special characters when possible.
2. Choose passwords of eight characters or more. Separate short words with spaces or underscores.
3. Don’t use the same password and username combination for multiple websites. Use an online password manager to keep track of your different accounts.
[/quote]
Any thoughts on this? (I personally think it's a waste of time to update my password every 3 months like some people recommend.)
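Added example (not part of the original post or the SplashData statement): a Python check of a candidate password against the 25 listed passwords and the first two tips, which also catches a listed password with look-alike characters swapped in or digits and symbols tacked on the end. The substitution map, the function names and the "at least two character types" threshold are assumptions of this example.

```python
import string

# The 25 passwords from the list quoted in the post above.
WORST_25 = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passw0rd",
    "shadow", "123123", "654321", "superman", "qazwsx", "michael",
    "football",
}

# Assumption of this example: a small map of look-alike substitutions.
LEET = str.maketrans("0134$@5!7", "oieasasit")
SUFFIX = string.digits + string.punctuation

# Listed passwords, plus each one with look-alikes mapped back to letters
# (so "passw0rd" and "password" collapse to the same entry).
DENY = WORST_25 | {p.translate(LEET) for p in WORST_25}

def variants(pw):
    """Lower-cased forms of pw with trailing digits/symbols peeled off one
    at a time, each also with look-alike characters mapped back to letters."""
    low, out = pw.lower(), set()
    while low:
        out.update((low, low.translate(LEET)))
        if low[-1] not in SUFFIX:
            break
        low = low[:-1]
    return out

def check(pw):
    """Return a list of problems; an empty list means pw passes these checks."""
    problems = []
    if variants(pw) & DENY:
        problems.append("on or derived from the worst-25 list")
    if len(pw) < 8:                      # tip 2: eight characters or more
        problems.append("shorter than 8 characters")
    classes = (any(c.isalpha() for c in pw)      # tip 1: letters,
               + any(c.isdigit() for c in pw)    # numbers,
               + any(not c.isalnum() for c in pw))  # special characters
    if classes < 2:                      # threshold is an assumption
        problems.append("uses a single character type")
    return problems

if __name__ == "__main__":
    for sample in ("monkey", "Passw0rd1!", "correct horse battery staple"):
        print(repr(sample), check(sample) or "ok")
```

A password that satisfies the length and character-type tips can still fail the list check, which is why the list comparison runs on the normalized forms rather than on the raw string.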
Post by RoadDemon on Nov 26, 2011 5:18:50 GMT -5
I personally use multiple words (separated by spaces if the site allows for it), usually with a few capitals/numbers/symbols for good measure. Here is a web comic that sums it up nicely. Here is the link to the website for that comic: xkcd.com/936/
Post by Captain Zedo on Nov 26, 2011 15:11:55 GMT -5
Passwords are so obsolete, they're almost funny. So many "secure" accounts require such a short password (less than 25 characters), it's easy just to strongarm the account open. It's getting hard to find a web server that bothers booting someone for a few million wrong password attempts. Security is awful and you'd think it would be better than in years past.
With fast connections and super fast machines, passwords are far out of date. I see the use of thumbprints combined with static IPs in the near future. It's a problem that needs to be dealt with pronto. I currently assume that anything that is only password protected is fundamentally public.
Post by riedquat on Nov 29, 2011 13:58:58 GMT -5
I always have had problems with passwords... I always forget them... or I use the same with slight variations for eons and then again I have the problem I forgot the variation... And of course it must be one of 99 variations... pfff... so simple... And the lovely feature of password recovering puts me in another problem... they deliver my old or new generated password to one of my emails... one of those I don't use so frequently because... you can guess it... yeah! I forgot the password to that one... err... nah! honestly I forgot the passwords of almost all my emails except one, the work email... I am the administrator of the email server... weee...
So the other day I wanted to chat with a friend from Indonesia, other friend told me he was active on facebook.... ahhh... if I only remember the facebook password... umm... after trying to make memory for 10-15 minutes I remembered with which email account I registered there back in the day... yeap I remember or guessed the email address but obviously not the password so it took me like another 30-40 minutes to figure out what other email address I used to register the other email address... Do you want to bet how dumb can someone be? Do it now!
Yes I am. When I got that email address right I had to guess a third one, it took less time this time around. Finally I logged in three different email accounts and got the proper password to enter facebook. Of course when I logged in my friend wasn't around any more... this happened two weeks ago... today I don't remember any of those passwords except the one of the last email... ;D
And I have a question for all of you, not related directly with passwords but facebook:
Am I the only one who got impersonated in facebook? I don't mean another dude with my names, I mean a sick bastard with my name and all my personal info posted there and of course is not me... he also has real friends of me as his friends...
Post by Captain Zedo on Nov 30, 2011 6:54:37 GMT -5
@riedquat:
I got impersonated on Facebook twice. Facebook actually helped the fakes and ignored my pleas for help. To combat this, I have no Facebook account and make it clear that I never will. This lets everyone know that *any* Facebook page about me is fake.
It's common in business to fake your competitors on Facebook because the system is just not secure and there is no help from Facebook's administration. This is what happens when non-coders like Zuckerbutt steal code and set up a site. They can't really do anything with it but hire real coders to improve it to death.
The core problem is that Facebook has no way to know who is who out there. For real fun, set up a fake account on Facebook and Twitter and start tweeting like hell. You'll drive your victim nuts.
To date, the only defense is just to stay off the current and primitive social networking and let everyone know you do *not* have a page. You can still get accounts to lurk. Now you know why I don't have Captain Zedo or Code Punk Facebook pages or Tweets. I'm not behind in any way. I find email and bulletin boards much more secure. Facebook and Twitter need to catch up with their predecessors.
Post by RoadDemon on Nov 30, 2011 12:31:32 GMT -5
[quote]
I always have had problems with passwords... I always forget them... or I use the same with slight variations for eons and then again I have the problem I forgot the variation... And of course it must be one of 99 variations... pfff... so simple...
[/quote]
You might want to try something like Passwordsafe (passwordsafe.sourceforge.net/) or PasswordGorilla (www.fpx.de/fp/Software/Gorilla/)
Post by riedquat on Dec 7, 2011 11:07:16 GMT -5
Thanks for the info RD! These perhaps will serve for the office... I'm using some financial services that require passwords change every 15 days.... currently it is set up to diecisietenumerosclaves that translates into seventeenkeynumbers I just run short of passwords at onekeynumber lol
Post by Captain Zedo on Dec 8, 2011 8:00:45 GMT -5
[quote]
Thanks for the info RD! These perhaps will serve for the office... I'm using some financial services that require passwords change every 15 days.... currently it is set up to diecisietenumerosclaves that translates into seventeenkeynumbers I just run short of passwords at onekeynumber lol
[/quote]
I've made my own JavaScript password generator and vault that can run in any browser. It does okay. I run it in IE, which I have blocked from the Internet. I can then copy and paste my passwords - some 63 at present count. It's just ridiculous.
Post by Pilot on Mar 23, 2020 11:23:38 GMT -5
I started to create a new topic, but it is interesting to see how close Z got in this estimation, Authenticators (<-- Not yet in the dictionary surprisingly) and all.
[quote]
Passwords are so obsolete, they're almost funny. So many "secure" accounts require such a short password (less than 25 characters), it's easy just to strongarm the account open. It's getting hard to find a web server that bothers booting someone for a few million wrong password attempts. Security is awful and you'd think it would be better than in years past.
With fast connections and super fast machines, passwords are far out of date. I see the use of thumbprints combined with static IPs in the near future. It's a problem that needs to be dealt with pronto. I currently assume that anything that is only password protected is fundamentally public.
[/quote]
[quote]
[quote]
I always have had problems with passwords... I always forget them... or I use the same with slight variations for eons and then again I have the problem I forgot the variation... And of course it must be one of 99 variations... pfff... so simple...
[/quote]
You might want to try something like Passwordsafe (passwordsafe.sourceforge.net/) or PasswordGorilla (www.fpx.de/fp/Software/Gorilla/)
[/quote]
This is still a good method to keep up with passwords, but if you don't trust a third-party "safe".
[quote]
I always have had problems with passwords... I always forget them... or I use the same with slight variations for eons and then again I have the problem I forgot the variation... And of course it must be one of 99 variations... pfff... so simple... And the lovely feature of password recovering puts me in another problem... they deliver my old or new generated password to one of my emails... one of those I don't use so frequently because... you can guess it... yeah! I forgot the password to that one... err... nah! honestly I forgot the passwords of almost all my emails except one, the work email... I am the administrator of the email server... weee...
So the other day I wanted to chat with a friend from Indonesia, other friend told me he was active on facebook.... ahhh... if I only remember the facebook password... umm... after trying to make memory for 10-15 minutes I remembered with which email account I registered there back in the day... yeap I remember or guessed the email address but obviously not the password so it took me like another 30-40 minutes to figure out what other email address I used to register the other email address... Do you want to bet how dumb can someone be? Do it now!
Yes I am. When I got that email address right I had to guess a third one, it took less time this time around. Finally I logged in three different email accounts and got the proper password to enter facebook. Of course when I logged in my friend wasn't around any more... this happened two weeks ago... today I don't remember any of those passwords except the one of the last email... ;D
And I have a question for all of you, not related directly with passwords but facebook:
Am I the only one who got impersonated in facebook? I don't mean another dude with my names, I mean a sick bastard with my name and all my personal info posted there and of course is not me... he also has real friends of me as his friends...
[/quote]
What I recently started doing myself is I found some website that has a key generator and generated 50 or so 8 char[acters] and 16 char keys, surprisingly one website asked me for 18 chars. -_- Anyway I copied those into a spreadsheet, you can use Libre Office or Open Office, if you don't want to pay for Microsoft's "micro" transactions for office.
Website: | Username: | eMail: | Pass word 8: | =-= | Website: | Username: | eMail: | Pass 16: |
hardwar. | pilot | name @ that .co | 12345678 | | ofther. | | anothername | 0123456789abcdef |
| else blank | Row 3 column 2 | 87654321 | | | Row 3 column 5 | Row 3 column 6 | fedcba9876543210 |
So basically that kind of formatting and then I save it, after checking "Save with password" and "Encrypt with GPG key". After that I move it to a USB drive or two that I plug in when I need a password that I don't remember or my browser doesn't remember, or if I'm on another computer, account, or OS.
In my case I used a wifi password from about 10 years ago. . . Yeah that thing is still stuck in my head. Slightly modified to follow a set of rules that I decided for my passwords. For example, certain letter rules that I use, for example:
a b c d E f g H i j k L m n O p q r S t u v w x y z
Now those will always be capitalized in my rule set or might follow the elite 1337 sp33k convention if a letter is similar enough. Sadly websites are usually ANSI based instead of Unicode. Otherwise there would be Matrixesque passwords possible.